CVE-2025-67848

{"id": "CVE-2025-67848", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-67848", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-02-04T04:55:50.922048Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "affected": [{"source": "patrick@puiterwijk.org", "affectedData": [{"versions": [{"status": "affected", "version": "4.1.0", "lessThan": "4.1.22", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.12", "versionType": "semver"}, {"status": "affected", "version": "4.5.0", "lessThan": "4.5.8", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "lessThan": "5.0.4", "versionType": "semver"}, {"status": "affected", "version": "5.1.0", "lessThan": "5.1.1", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle/", "defaultStatus": "unaffected"}]}], "published": "2026-02-03T11:15:54.107", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-67848", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423831", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=471298", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-280"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Moodle. Esta vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n permite a usuarios suspendidos autenticarse a trav\u00e9s del Proveedor de Interoperabilidad de Herramientas de Aprendizaje (LTI). El problema surge de que los manejadores de autenticaci\u00f3n LTI no aplican el estado de suspensi\u00f3n del usuario, lo que permite el acceso no autorizado al sistema. Esto puede llevar a la revelaci\u00f3n de informaci\u00f3n o a otras acciones no autorizadas por parte de usuarios que deber\u00edan estar restringidos."}], "lastModified": "2026-06-17T09:58:10.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2DF3FD1-3A53-41D9-890B-F6DE973AB09C", "versionEndExcluding": "4.1.22"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED60CDC-8F12-481C-9ADD-8559860A2B3C", "versionEndExcluding": "4.4.11", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC", "versionEndExcluding": "4.5.8", "versionStartIncluding": "4.5.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F81442-AEEB-483D-90A9-93DDBA5B95D6", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "567FEE12-0E75-4F0C-B22E-E76990C80E1B"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}